SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   curl Vendors:   curl.haxx.se
(Red Hat Issues Fix) cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1039899
SecurityTracker URL:  http://securitytracker.com/id/1039899
CVE Reference:   CVE-2017-1000257   (Links to External Site)
Date:  Nov 30 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.20.0 - 7.56.0
Description:   A vulnerability was reported in cURL. A remote user can cause the target application to crash. A remote user can obtain potentially sensitive information on the target system.

A remote user can return a specially crafted IMAP FETCH response to trigger a buffer overread in the IMAP handler and obtain potentially sensitive information from memory on the target system or cause the target application using libcurl to crash.

Brian Carpenter, Geeknik Labs, and 0xd34db347 reported this vulnerability.

Impact:   A remote user can cause the target application using libcurl to crash.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Red Hat has issued a fix.

The Red Hat advisory is available at:

https://access.redhat.com/errata/RHSA-2017:3263

Vendor URL:  access.redhat.com/errata/RHSA-2017:3263 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Oct 24 2017 cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information



 Source Message Contents

Subject:  [RHSA-2017:3263-01] Moderate: curl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2017:3263-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3263
Issue date:        2017-11-27
CVE Names:         CVE-2017-1000257 
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le

3. Description:

The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.

Security Fix(es):

* A buffer overrun flaw was found in the IMAP handler of libcurl. By
tricking an unsuspecting user into connecting to a malicious IMAP server,
an attacker could exploit this flaw to potentially cause information
disclosure or crash the application. (CVE-2017-1000257)

Red Hat would like to thank the Curl project for reporting this issue.
Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the
original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
curl-7.29.0-42.el7_4.1.src.rpm

x86_64:
curl-7.29.0-42.el7_4.1.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-7.29.0-42.el7_4.1.i686.rpm
libcurl-7.29.0-42.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.1.i686.rpm
libcurl-devel-7.29.0-42.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
curl-7.29.0-42.el7_4.1.src.rpm

x86_64:
curl-7.29.0-42.el7_4.1.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-7.29.0-42.el7_4.1.i686.rpm
libcurl-7.29.0-42.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.1.i686.rpm
libcurl-devel-7.29.0-42.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
curl-7.29.0-42.el7_4.1.src.rpm

ppc64:
curl-7.29.0-42.el7_4.1.ppc64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.ppc.rpm
curl-debuginfo-7.29.0-42.el7_4.1.ppc64.rpm
libcurl-7.29.0-42.el7_4.1.ppc.rpm
libcurl-7.29.0-42.el7_4.1.ppc64.rpm
libcurl-devel-7.29.0-42.el7_4.1.ppc.rpm
libcurl-devel-7.29.0-42.el7_4.1.ppc64.rpm

ppc64le:
curl-7.29.0-42.el7_4.1.ppc64le.rpm
curl-debuginfo-7.29.0-42.el7_4.1.ppc64le.rpm
libcurl-7.29.0-42.el7_4.1.ppc64le.rpm
libcurl-devel-7.29.0-42.el7_4.1.ppc64le.rpm

s390x:
curl-7.29.0-42.el7_4.1.s390x.rpm
curl-debuginfo-7.29.0-42.el7_4.1.s390.rpm
curl-debuginfo-7.29.0-42.el7_4.1.s390x.rpm
libcurl-7.29.0-42.el7_4.1.s390.rpm
libcurl-7.29.0-42.el7_4.1.s390x.rpm
libcurl-devel-7.29.0-42.el7_4.1.s390.rpm
libcurl-devel-7.29.0-42.el7_4.1.s390x.rpm

x86_64:
curl-7.29.0-42.el7_4.1.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-7.29.0-42.el7_4.1.i686.rpm
libcurl-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.1.i686.rpm
libcurl-devel-7.29.0-42.el7_4.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
curl-7.29.0-42.el7_4.1.src.rpm

aarch64:
curl-7.29.0-42.el7_4.1.aarch64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.aarch64.rpm
libcurl-7.29.0-42.el7_4.1.aarch64.rpm
libcurl-devel-7.29.0-42.el7_4.1.aarch64.rpm

ppc64le:
curl-7.29.0-42.el7_4.1.ppc64le.rpm
curl-debuginfo-7.29.0-42.el7_4.1.ppc64le.rpm
libcurl-7.29.0-42.el7_4.1.ppc64le.rpm
libcurl-devel-7.29.0-42.el7_4.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
curl-7.29.0-42.el7_4.1.src.rpm

x86_64:
curl-7.29.0-42.el7_4.1.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.1.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-7.29.0-42.el7_4.1.i686.rpm
libcurl-7.29.0-42.el7_4.1.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.1.i686.rpm
libcurl-devel-7.29.0-42.el7_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-1000257
https://access.redhat.com/security/updates/classification/#moderate
https://curl.haxx.se/docs/adv_20171023.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaHCZPXlSAg2UNWIIRArLZAJ9jZocshA/ISS3aYe+ZTmMSLrZrLQCfU0Kq
4+pTRyHACBCzTbVquD1Z6ao=
=XLqi
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC